A group of NHS clinicians who manage registries with health information on millions of patients are concerned about potential data breaches due to a lack of basic IT security measures in an NHS England project. The Outcome Registries Platform (ORP) aims to centralize over 30 clinical registries with sensitive data on the internet without proper multi-factor authentication (MFA), violating NHS security protocols.
The concern is that patient data, including from cancer patients, transplant recipients, and those with congenital conditions or HIV, could be at risk if the ORP is compromised. The Federation of Clinical Registries (FCR) has raised alarms about the ORP’s lack of proper security measures and its expansion beyond its original scope, going against NHS security policies.
The FCR also highlighted issues with the user registration process, expressing worries about how personal data is handled and users granted access to patient information. They are demanding that the ORP software platform be taken down until security issues are addressed to protect patient data better.
Additionally, patient advocacy groups, such as the UK Haemophilia Society, are concerned about the National Haemophilia Database (NHD) being included in the ORP without proper consultation or consideration of the database’s critical role in tracking bleeding disorders and supporting inquiries like the Infected Blood Inquiry.
Patients and advocacy groups are urging NHS England to reconsider its plans and protect patient records by following recommendations for better patient-centered care in managing critical health registries like the NHD.